Credential Rotation
Definition
Expiring an existing set of credentials and reissuing a new valid set
How it works
Management servers with enterprise policies for account management provide the ability to change or reset passwords for accounts. Some organizations rotate credentials periodically to limit the risk of stolen credentials.
Considerations
- When responding to an incident, the severity of the compromise should be considered to determine which credentials for which accounts should be regenerated.
- If proactively rotating credentials periodically, several factors should be considered to determine the frequency. Periodic rotation also introduces some risk, including promoting the creation of weak passwords and poor storage practices among employees, and it presents challenges in proper tracking.
References
The following references were used to develop the Credential Rotation knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
- Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise (Reference Type: Internet Article; Organization: CISA)
- Password and Key Rotation (Reference Type: Internet Article; Organization: SSH)
D3FEND™
A knowledge graph of cybersecurity countermeasures